Suppose that John writes the following php script to access his database. print

Question

Suppose that John writes the following php script to access his database.

print “Connected to MySQL<br>”; }...?>

He is worried that the script can be read by an adversary and he wants to protect the login information. Given that this script is only accessed by an administrator, John decides to write code that places a “magic” value within the cookie of the administrator and then somehow use this value to hide all critical information in the above PHP script (specifically the raw value of $username and $password). Note that the magic value can be accessed from within the script in the following way:

a) Write a modified PHP script that achieves John’s objective. Explain what the “magic” value will be.

b) What is the main defect of John’s approach?

c) What would be a better way to achieve John’s objective?

Explanation / Answer

<?php

$cookie_name ="magic" ;

$cookie_value = "Adminnistrator";

Setcookie ($_COOKIE[$COOKIE_name]))

{

$Username = "userdb_5648";

$password = "7F519X-X_";

$hostname = "localhost" ;

$dbh = mysql_connect($hostname,$username,$password)

if($dbh)

{

print "Connected to my sql <br>" ;

}

}

B) In jhons approach he is trying to store cookie into thr system but it is not secure, why because if anybody else uses that script in his system he also can login and access his data without his permission

Related Questions

Navigate

• Browse (All)
• Browse S
• Subjects